Yahoo addresses privacy concerns over recycled user IDs

By on

Last week Yahoo revealed plans to reset and re-issue inactive user IDs. The idea here is to once again make available desirable Yahoo IDs that have long since gone unused. It sounds like a win-win for everybody involved as users could get a shot at their preferred ID while Yahoo gets to do some house cleaning and gain some publicity in the process.

What could go wrong? Well as it turns out, quite a bit actually.

Yahoo noted that any ID that has been inactive for over a year will be subject to deactivation and ultimately made available again. Using that premise, let’s say you own two e-mail accounts: one for everyday use and another that’s simply given out when you create a new account online (your Yahoo account) for activation purposes.

Most would agree that this is a pretty common practice as it routes unnecessary or potentially spammy messages to the latter account, keeping your main inbox nice and tidy. Now let’s also say that it’s been slightly longer than a year since you last logged into your Yahoo account and you somehow happened to miss this bit of news from Yahoo in the media.

You can quickly see where this is going. Your Yahoo account gets shut down and recycled, another user scoops it up and with a bit of luck, they could potentially send a password reset request to that address from a website and gain access to your account. Uh oh.

It seems like a plausible scenario but Yahoo has you covered, or so they say. In a statement released on the matter, Yahoo said they are confident in their ability to free up desirable namespace in a way that is safe and secure. Here’s how.

First, Yahoo points out that the vast majority of inactive Yahoo IDs don’t have a mailbox associated with them. Furthermore, all accounts will be purged of any previous user data before being made available again.

Also, the company will initiate a 30-day grace period between deactivation and making the ID available to someone else. During that time, Yahoo will send bounce back e-mails to senders notifying them of the deactivation as well as send notifications to merchants, e-commerce sites, financial institutions, social networks, email providers and other online properties on your behalf.

Whether or not this will be enough, however, remains to be seen.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.